Tiger Brokers

DJI Addresses Security Flaw in ROMO Robotic Vacuum, Confirms Patch Completion

Deep News
Mar 09

Recently, reports of a security vulnerability in a DJI robotic vacuum cleaner have attracted attention within overseas tech communities. According to the reports, an overseas user attempted to control their DJI ROMO robotic vacuum using a PS5 controller. Utilizing the Claude Code AI programming assistant developed by Anthropic, the user reverse-engineered the ROMO's communication protocol. When their custom application connected to DJI's servers, it unexpectedly prompted responses from approximately 7,000 robotic vacuum cleaners simultaneously across 24 countries. Exploiting this vulnerability, the user could access the ROMO's live camera feed, listen to ambient sound via its onboard microphone, and even obtain complete 2D room maps and device location information generated by the units. This incident has sparked discussions regarding the security of smart home devices. There has been a recent development in the matter. DJI stated in an announcement that in late January of this year, during a routine internal security review, DJI Innovation identified an issue with the backend verification of the DJI Home application. This problem affected the newly launched ROMO product and some DJI power bank devices. Subsequently, two independent security researchers also reported the same vulnerability through DJI's bug bounty program, and their feedback supported the ongoing remediation efforts. The relevant fixes have now been completed, the company has deployed updates to fully resolve the issue, and no misuse of user data has been discovered. It is noteworthy that security issues with smart robotic vacuums have surfaced multiple times. In 2024, incidents occurred in various parts of the United States where hackers remotely compromised Ecovacs Deebot X2 Omni robotic vacuums, used the speakers to play abusive language, and controlled the devices to move around homes chasing pets. An industry insider analyzed that currently, technology companies, including DJI and Apple, commonly operate bug bounty programs to encourage security researchers to proactively discover and report vulnerabilities. After addressing the vulnerabilities, companies typically pay rewards to the researchers, thereby promoting continuous improvement in product security. DJI stated that security is an ongoing process requiring continuous evolution. Over the past decade, the company has invested significant resources in strengthening product security and maintains a professional security team that regularly reviews systems and enhances product safety. Furthermore, through its long-standing bug bounty program, over 300 security researchers have submitted reports on potential vulnerabilities within DJI's platforms. Looking ahead, the company also plans to subject the ROMO and the DJI Home App to independent third-party security audits and certifications, similar to the process for its drone products, to further enhance product security.

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Most Discussed

  1. 1
     
     
     
     
  2. 2
     
     
     
     
  3. 3
     
     
     
     
  4. 4
     
     
     
     
  5. 5
     
     
     
     
  6. 6
     
     
     
     
  7. 7
     
     
     
     
  8. 8
     
     
     
     
  9. 9
     
     
     
     
  10. 10